deepdive writes: I have a basic question. What is the privacy/security health of the Linux kernel (and indeed other FOSS OSes) given all the recent stories about the NSA going in and deliberately subverting various parts of the privacy/security sub-systems? Basically, can one still sleep soundly thinking that the most recent latest/greatest Ubuntu/openSUSE/what-have-you distro she/he downloaded is still pretty safe? Or do people need to get a little worried and start burning some extra night oil over this?

is for a working group to trust the wrong person to be "the person" for some tiny aspect of encryption or networking. On average, crypto history (1950s-90s) shows the result.
The idea that Linux would be left alone is like saying Apple was too small for the US gov invite.

We can say that while the open-source-based Linux/BSD ecosystems are without a doubt safer security-wise, and better privacy-wise, from non-state crackers and blackhats, it is probably at best only marginally more difficult for state players like the NSA to infiltrate. The NSA is primarily exploiting the human-weakness angle in its efforts towards surveillance, and that human element is as weak in the open source community as in the commercial sectors. The one real advantage is the "many eyes" effect, which st

My point is not to compare FOSS with the rest of the closed source stuff. FOSS definitely has an advantage with the "many eyes" effect etc. But that still does not guarantee that the 'control freaks' won't be able to sneak something sinister into a benign-looking app in a major Linux distro. The question is whether the FOSS community would go through some sort of SOP yet again for 'driving out these demons'.

Well, from what I see, the kernel itself is pretty heavily reviewed and inspected, but on the other hand it is also a HUGE code base, and much old code could be lurking without any recent review. Also, lots of manufacturer-provided binary blobs are accepted into the kernel, and these could conceivably be an easy route for the NSA etc. to infiltrate the kernel, by forcing the company providing the binary blob to insert their backdoor. There was also discussion recently about how writable microcode on recent Intel chips c